IRQL_NOT_LESS_OR_EQUAL can some please have a look at this minidump??

[Scotland2011]

Hi

I keep getting BSOD, with the IRQL_NOT_LESS_OR_EQUAL error

I have checked ram with memtest86, i have updated all drivers and can't seem to find out what the problem is.

file is uploaded here : https://ufile.io/stlnd

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffbda1fbe828e0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff802b8cb42f6, address which referenced memory

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
ffffbda1fbe828e0

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiRestoreTransitionPte+1c6
fffff802`b8cb42f6 488b09 mov rcx,qword ptr [rcx]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: System

BAD_PAGES_DETECTED: b168

TRAP_FRAME: fffff289179fa710 -- (.trap 0xfffff289179fa710)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe00030bc000c rbx=0000000000000000 rcx=ffffbda1fbe828e0
rdx=ffffbda1fbe828e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff802b8cb42f6 rsp=fffff289179fa8a0 rbp=fffff802b907c000
r8=0000000080000000 r9=0000000000000003 r10=ffffe00030bcb000
r11=ff00000fffffffff r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!MiRestoreTransitionPte+0x1c6:
fffff802`b8cb42f6 488b09 mov rcx,qword ptr [rcx] ds:ffffbda1`fbe828e0=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff802b8e49f69 to fffff802b8e39430

STACK_TEXT:
fffff289`179fa5c8 fffff802`b8e49f69 : 00000000`0000000a ffffbda1`fbe828e0 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff289`179fa5d0 fffff802`b8e46be5 : ffff8900`00007338 fffff802`b8e40535 ffffe000`30ae3180 000004ed`b59bbfff : nt!KiBugCheckDispatch+0x69
fffff289`179fa710 fffff802`b8cb42f6 : ffff8600`03f9c7b0 ffffe000`30bcbc60 00000000`00000000 02000000`00000000 : nt!KiPageFault+0x425
fffff289`179fa8a0 fffff802`b8de058b : bda1fbe8`28e004c0 ffff8600`03f9c7b0 fffff802`b907c000 00000000`00000001 : nt!MiRestoreTransitionPte+0x1c6
fffff289`179fa910 fffff802`b8f119ac : 0000000f`ffffffff 00000000`00000000 fffff289`00000000 00000000`00000000 : nt!MiRemoveLowestPriorityStandbyPage+0x19b
fffff289`179fa9a0 fffff802`b8f11b75 : 00000000`00000000 00000000`00000000 fffff802`00000000 00000000`00000207 : nt!MiPruneStandbyPages+0x228
fffff289`179faa30 fffff802`b8ce3335 : ffffbd81`f49d4040 fffff802`b8f11af0 ffffbd81`f42f0d20 fffff802`b907d8a0 : nt!MiRebalanceZeroFreeLists+0x85
fffff289`179faa80 fffff802`b8d85cd7 : ffffbd81`f49d4040 00000000`00000080 ffffbd81`f42bd040 ffffbd81`f49d4040 : nt!ExpWorkerThread+0xf5
fffff289`179fab10 fffff802`b8e408d6 : ffffe000`30980180 ffffbd81`f49d4040 fffff802`b8d85c90 00000000`00000000 : nt!PspSystemThreadStartup+0x47
fffff289`179fab60 00000000`00000000 : fffff289`179fb000 fffff289`179f4000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND: kb

SYMBOL_NAME: PAGE_NOT_ZERO

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module


IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: PAGE_NOT_ZERO

Followup: MachineOwner
---------

*** Memory manager detected 45416 instance(s) of page corruption, target is likely to have memory corruption.

 

[Colif]

I haven't seen it report this before - BAD_PAGES_DETECTED: b168

perhaps run chkdsk on C drive

Can you follow option one on the following link - here
and then do this step below: Small memory dumps - Have Windows Create a Small Memory Dump (Minidump) on BSOD

that creates a file in c windows/minidump after the next BSOD
copy that file to documents
upload the copy from documents to a cloud server and share the link here and someone with right software to read them will help you fix it

actual dump files will tell us more about what was running at time

 

[Scotland2011]

I haven't seen it report this before - BAD_PAGES_DETECTED: b168

perhaps run chkdsk on C drive

Can you follow option one on the following link - here
and then do this step below: Small memory dumps - Have Windows Create a Small Memory Dump (Minidump) on BSOD

that creates a file in c windows/minidump after the next BSOD
copy that file to documents
upload the copy from documents to a cloud server and share the link here and someone with right software to read them will help you fix it

actual dump files will tell us more about what was running at time

Yeah i have uploaded the file here for you to have a look at
https://ufile.io/stlnd

Cheers

 

[gardenman]

Hi, I ran the dump file through the debugger and got the following information: https://pste.eu/p/zJaG.html

File: 080218-5203-01.dmp (Aug 1 2018 - 18:11:19)
BugCheck: [IRQL_NOT_LESS_OR_EQUAL (A)]
Probably caused by: memory_corruption (Process: System)
Uptime: 0 Day(s), 0 Hour(s), 37 Min(s), and 12 Sec(s)

BIOS information was not included in the dump file. This can sometimes mean an older BIOS is being used. Consider looking for an update. Note: Updating your BIOS can be risky. Never try it when you might lose power (lightning storms, recent power outages, etc).

I can't help you with this. Wait for additional replies. Good luck.

 

[Colif]

IRQ errors normally caused by drivers older than July 2015. You have 4 of them
Do you have a Brother Printer? See if you can find newer drivers as the ones you have are from 2009
See if you can update Wireless drivers

What are specs of the PC? The dump file doesn't offer any clues, I can tell you either have a Asus motherboard or GPU, and CPU is Intel I7 maybe.

 

[johnbl]

go into control panel, turn off the system virtual memory, then reboot, turn the system virutal memory back on. The goal is to delete your hidden c:\pagefile.sys and create a new one.

I would then download and run rammap64.exe go to the empty option and select them all. goal is to clean out the preloaded files in the standby memory.
https://docs.microsoft.com/en-us/sysinternals/downloads/rammap

I would then run cmd.exe as an admin (or power shell)
and delete the hibernation file a
powercfg.exe -h off

https://www.howtogeek.com/howto/15140/what-is-hiberfil.sys-and-how-do-i-delete-it/

goal is to get rid of the memory image that has the corrupted pages.

after you do this you have to find out why the pages were corrupted.
generally you would, update the BIOS, update the motherboard SATA driver for sata 3 and the CPU chipset drivers (to get sata 2 driver updates)

you would then run crystaldiskinfo.exe to see if the drive is having errors and to check the firmware version of the drive.

you would also want to run a malwarebytes scan then
run cmd.exe as an admin and run
sfc.exe /scannow
dism.exe /online /cleanup-image /restorehealth

(this will repair any storage driver that was modified by malware)